Jul 26, 2019

Exclusive: Users in dark about security products' effectiveness

Illustration: Aïda Amer/Axios

53% of IT security managers don't know whether the cybersecurity products they use actually work as promised, according to an upcoming survey from the Ponemon Institute and security firm AttackIQ.

Why it matters: It's a little unsettling to find out a captain has no idea if the ship is watertight.

  • Plus, if 53% seems bad, it's probably a whole lot worse. "People are more likely to say they are confident about themselves, so when you see a study showing low confidence, it’s possibly a lot worse," said Larry Ponemon, of the eponymous Institute.
  • The survey included 577 responses from IT managers.

The cybersecurity industry is good at inspiring a lack of faith in the cybersecurity industry.

  • Buzz words bandied about in slogans frequently generate as much skepticism as they do enthusiasm. The notion of snake oil products has been so pervasive that companies now advertise around it.
  • "You sometimes see companies market their products to the threat of the day but not adapt the tool," says Kiersten Todt, managing director of the Cyber Readiness Institute.

To be sure: Many cybersecurity tools are pretty good at what they do. The problem is that the function of security products is a black box — users can't see the gears turning to verify that a tool works or that they are using it properly.

  • "There’s been no methodical approach to check if a product is working as intended," said Chris Kennedy, chief information security officer at study sponsor AttackIQ, which sells products to simulate attacks.

The bottom line: In a better world, security products would inspire more confidence from the people who use them — especially given the cost of cybersecurity.

"Do you have confidence in your door locks?" Kennedy says. "Put millions of dollars in investment into them, then, yeah, you should have confidence in the product."
